Archive

Category Archives for "Networking"

PSA: Virtual Interfaces (in ESXi) Aren’t Limited To Reported Interface Speeds

There is an incorrect assumption that comes up from time to time, one that I shared for a while: that VMware ESXi virtual NIC (vNIC) interfaces are limited to their reported “speed”.

In my stand-alone ESXi 7.0 installation, I have two options for NICs: vmxnet3 and e1000. The vmxnet3 interface shows up as 10 Gigabit on the VM, and the e1000 shows up as a 1 Gigabit interface. Let’s test them both.

One test system is a Rocky Linux installation, the other is a CentOS 8 installation (RIP CentOS). They’re both on the same ESXi host on the same virtual switch. The test program is iperf3, installed from the default package repositories. If you want to test this on your own, it really doesn’t matter which OS you use, as long as it’s reasonably recent and both VMs are on the same vSwitch. I’m not optimizing for throughput, just using enough power to try to exceed the reported link speed.

The ESXi host is 7.0 running on an older Intel Xeon E3 with 4 cores (no hyperthreading).

Running iperf3 on the vmxnet3 interfaces, which show up as 10 Gigabit on the Rocky VM:

[ 1.323917] vmxnet3 0000:0b:00.0 ens192: renamed Continue reading

Git as a Source of Truth for Network Automation

In Git as a source of truth for network automation, Vincent Bernat explained why they decided to use Git-managed YAML files as the source of truth in their network automation project instead of relying on a database-backed GUI/API product like NetBox.

Their decision process was pretty close to what I explained in the Data Stores and Source of Truth parts of the Network Automation Concepts webinar: you need change logging, auditing, reviews, and all-or-nothing transactions, and most IPAM/CMDB products have none of those.

On the more positive side, NetBox (and its fork, Nautobot) has change logging (HT: Leo Kirchner), and things are getting much better with the Nautobot Version Control plugin. Stay tuned ;)

How to Improve Your Network Security

Information is powerful. As our reliance on technology increases, more and more companies are storing classified data on their online networks. Cloud computing is becoming the new norm, but so is cybercrime. When such sensitive information is stored on computer networks, it is important for the data to be analyzed, controlled, and protected accordingly. This is especially true of financial information, which must be protected to keep it from falling into the wrong hands.

Data security is a growing concern in the modern world. While companies pay millions of dollars to ensure network security, their data is still at risk from breaches and cyberthreats. If a company’s network security is compromised, the business risks losing billions of dollars, since a breach betrays the trust of shareholders and customers alike.

If you are unsure regarding the safety of your network and company data, then you need to take a few extra steps to ensure network security. Here are a few simple, cost-effective steps that you can follow to protect your company data from any potential breaches:

1. Password Strategy

Every data network is protected by strong password encryption. However, one of the Continue reading

A Gift Guide for Sanity In Your Home IT Life

If you’re reading my blog you’re probably the designated IT person for your family or immediate friend group. Just like doctors that get called for every little scrape or plumbers that get the nod when something isn’t draining over the holidays, you are the one that gets an email or a text message when something pops up that isn’t “right” or has a weird error message. These kinds of engagements are hard because you can’t just walk away from them and you’re likely not getting paid. So how can you be the Designated Computer Friend and still keep your sanity this holiday season?

The answer, dear reader, is gifts. If you’re struggling to find something to give your friends that says “I like you but I also want to reduce the number of times that you call me about your computer problems” then you should definitely read on for more info! Note that I’m not going to fill this post with affiliate links or plug products that have sponsored anything. Instead, I’m going to just share the classes or types of devices that I think are the best way to get control of things.

Step 1: Infrastructure Upgrades

When you Continue reading

How the US paused shopping (and browsing) for Thanksgiving

If you keep up with tradition in the United States, you and your family celebrated Thanksgiving yesterday (November 25, 2021). On such a special day, with family gatherings for many and a lot of cooking if you’re into the tradition (roast turkey, stuffing and pumpkin pie), it makes sense that different Internet patterns show up on Cloudflare Radar.

First, let’s look at shopping habits. After a busy Monday, Tuesday and Wednesday, online shopping paused on Thanksgiving Day and dipped at lunchtime. So in a very good week for e-commerce, Thanksgiving was the exception, especially during the extended lunchtime.

Now, let’s focus on Internet traffic at the time of Thanksgiving dinner. First, what time is that? Every family is different, but a 2018 survey of US consumers showed that for 42% the early afternoon (between 13:00 and 15:00) is the preferred time to sit at the table and start to dig in. But 16:00 seems to be the “correct time”; The Atlantic explains why.

Cloudflare Radar shows that Internet traffic in the US increased over the past seven days compared with the previous period, which makes sense given that it’s traditionally a good week for Continue reading

Heavy Networking 608: Everything You Ever Wanted To Know About NAC (And Then Some)

Today's Heavy Networking goes deep on Network Access Control (NAC) for wired and wireless networks. Our guest is Arne Bier, a Senior Consulting Engineer and CCIE. We hit a bunch of topics including MAC authentication bypass, client certificates, EAP methods, and more. We also discuss reasons why NAC is worth deploying despite the effort.

The post Heavy Networking 608: Everything You Ever Wanted To Know About NAC (And Then Some) appeared first on Packet Pushers.

Heard in the halls of Web Summit 2021

Opening night of Web Summit 2021, at the Altice Arena in Lisbon, Portugal. Photo by Sam Barnes/Web Summit

Global in-person events were back in a big way at the start of November (1-4) in Lisbon, Portugal, with Web Summit 2021 gathering more than 42,000 attendees from 128 countries. I was there to discover Internet trends and meet interesting people. What I saw was the contagious excitement of people from all corners of the world coming together for what seemed like a type of normality in a time when the Internet “is almost as important as having water”, according to Sonia Jorge from the World Wide Web Foundation.

Here’s some of what I heard in the halls.

With a lot happening on a screen, the lockdowns throughout the pandemic showed us a glimpse of what the metaverse could be, just without VR or AR headsets. Think about the way many were able to use virtual tools to work all day, learn, collaborate, order food, supplies, and communicate with friends and family — all from their homes.

While many had this experience, many others were unable to, with some talks at the event focusing on the digital divide and how “Internet access Continue reading

Lesson Learned: Some Services Are Not Worth Delivering

Here’s one of the secrets to AWS’s unprecedented scale and financial success: they figured out very early on that some services are not worth delivering. Most everyone else believes in building snowflake single-customer solutions to solve imaginary problems, effectively losing money while doing so.

You’ll need a Free ipSpace.net Subscription to watch the video.

Everything you ever wanted to know about UDP sockets but were afraid to ask, part 1

Snippet from internal presentation about UDP inner workings in Spectrum. Who said UDP is simple!

Historically Cloudflare's core competency was operating an HTTP reverse proxy. We've spent significant effort optimizing traditional HTTP/1.1 and HTTP/2 servers running on top of TCP. Recently though, we started operating big scale stateful UDP services.

Stateful UDP is gaining popularity for a number of reasons:

- QUIC, a new transport protocol based on UDP, powers HTTP/3, and we see its adoption accelerating.

- We operate WARP, our WireGuard-based tunneling service, which uses UDP under the hood.

- We have a lot of generic UDP traffic going through our Spectrum service.

Although UDP is simple in principle, there is a lot of domain knowledge needed to run things at scale. In this blog post we'll cover the basics: all you need to know about UDP servers to get started.

Connected vs unconnected

How do you "accept" connections on a UDP server? If you are using unconnected sockets, you generally don't.

But let's start with the basics. UDP sockets can be "connected" (or "established") or "unconnected". Connected sockets have a full 4-tuple associated {source ip, source port, destination ip, destination port}, unconnected Continue reading

Circular Dependencies, VMware NSX-T Edition

A friend of mine sent me a link to a lengthy convoluted document describing the 17-step procedure (with the last step having 10 micro-steps) to follow if you want to run NSX manager on top of N-VDS, or as they call it: Deploy a Fully Collapsed vSphere Cluster NSX-T on Hosts Running N-VDS Switches1.

You might not be familiar with vSphere networking and the way NSX-T uses that (in which case I can highly recommend vSphere and NSX webinars), so here’s a CliffsNotes version of it: you want to put the management component of NSX-T on top of the virtual switch it’s managing, and make it accessible only through that virtual switch. What could possibly go wrong?

Automation 5. Running Python (MicroPython) Scripts with pySROS Directly on Nokia SR OS Network Devices

Hello my friend,

We have already reviewed how to collect operational and configuration data from Nokia SR OS devices, how to structure it in YANG trees, and how to configure network devices with Python and pySROS. You may think that all the interesting things about Nokia pySROS are already covered. Well, we have a few more aces up our sleeve for you. Today you will learn some new things, such as MicroPython and how to run pySROS code directly on Nokia SR OS based network functions.

No part of this blogpost could be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical or photocopying, recording, or otherwise, for commercial purposes without the prior permission of the author.

Network Automation Is So Popular These Days… Shall I Do Something Different?

Network Automation is indeed getting more and more popular. There are a few reasons for that: on the one hand, networks are getting more complex with all the fancy SDx technologies (SDN, SD-WAN, SDA, etc.); on the other hand, new services have to be delivered faster and faster. Doing things manually Continue reading

The Hard Facts: Hardware vs. Software Load Balancers

Flexible infrastructure choices and application architectures are changing the way that modern enterprises run their distributed environments (see Figure 1). Enterprises have become application-centric, investing significant effort and resources in continuous delivery goals and DevOps practices in order to automate routine IT and operations tasks.

Hardware-based application delivery controllers (ADCs) have been the staple of application delivery in data centers for the last two decades. However, these legacy load balancing solutions aren’t keeping up with modern, dynamic capacity and automation needs. Legacy hardware-based ADCs have become inflexible in the face of changing requirements, delaying application rollouts and in many cases causing overspending and overprovisioning. Most enterprises experience the “do more with less but faster” challenges shown in Figure 2 when rolling out new applications or updates, which can often take weeks.

With aggressive continuous delivery goals and ever-greater customer expectations, businesses are pushing back against delays due to hardware provisioning and manual configurations of ADCs that slow time to market for application deployments and updates.

Figure 1: Computing today: Evolving app architectures and infrastructure heterogeneity.

Figure 2: Legacy hardware-based load balancing solutions are not keeping up with the modern pace of business.

Virtualized Continue reading

Day Two Cloud 125: Scanning Infrastructure-as-Code For Security Issues

It's always better to catch misconfigurations and security issues earlier in your pipeline rather than later. That's especially true for cloud services where a simple configuration error can expose sensitive assets to the entire Internet. On today's Day Two Cloud podcast we discuss how to incorporate security checks into your Infrastructure-as-Code (IaC) workflows. Our guest is Christophe Tafani-Dereeper, a cloud security engineer.

The post Day Two Cloud 125: Scanning Infrastructure-as-Code For Security Issues appeared first on Packet Pushers.